| | 1 | + | #Check for webshells |
| | 2 | + | get-childitem -path "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\" -Recurse -Filter *.aspx | ? {$_.LastWriteTime -gt (Get-Date).AddDays(-30)} |
| | 3 | + | |
| | 4 | + | get-childitem -path "C:\inetpub\wwwroot" -Recurse -Filter *.aspx | ? {$_.LastWriteTime -gt (Get-Date).AddDays(-30)} |
| | 5 | + | |
| | 6 | + | get-childitem -path "C:\Users\All Users" -Recurse -Filter *.aspx | ? {$_.LastWriteTime -gt (Get-Date).AddDays(-30)} |
| | 7 | + | |
| | 8 | + | #Check for virtual directory abuse |
| | 9 | + | |
| | 10 | + | [xml]$xmlElm = Get-Content -Path "C:\Windows\System32\inetsrv\Config\applicationHost.config" |
| | 11 | + | $xmlElm.ChildNodes.location |
| | 12 | + | |
| | 13 | + | |
Daniel Card
committed
with
GitHub
2 years ago
1 parent 81b6e2b3